CVE-2009-0799 — MEDIUM (4.3)

Q: How severe is CVE-2009-0799?

CVE-2009-0799 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-0799?

Check the references section above for vendor advisories and patch information. Affected products include: Foolabs Xpdf, Glyphandcog Xpdfreader, Poppler Poppler, Apple Cups.

Vulnerability Description

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Foolabs	Xpdf	0.5a
Glyphandcog	Xpdfreader	<= 3.02
Poppler	Poppler	<= 0.10.5
Apple	Cups	<= 1.3.9

Related Weaknesses (CWE)

CWE-119

References

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://poppler.freedesktop.org/releases.htmlPatchVendor Advisory
http://rhn.redhat.com/errata/RHSA-2009-0458.html
http://secunia.com/advisories/34291Vendor Advisory
http://secunia.com/advisories/34481Vendor Advisory
http://secunia.com/advisories/34746Vendor Advisory
http://secunia.com/advisories/34755Vendor Advisory
http://secunia.com/advisories/34756Vendor Advisory
http://secunia.com/advisories/34852Vendor Advisory
http://secunia.com/advisories/34959Vendor Advisory
http://secunia.com/advisories/34963Vendor Advisory
http://secunia.com/advisories/34991Vendor Advisory

FAQ

What is CVE-2009-0799?

CVE-2009-0799 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file tha...

How severe is CVE-2009-0799?

CVE-2009-0799 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-0799?

Check the references section above for vendor advisories and patch information. Affected products include: Foolabs Xpdf, Glyphandcog Xpdfreader, Poppler Poppler, Apple Cups.